Comments (6)
I cannot reproduce the problem. For me npm install jailed
downloads the lates version v0.3.1, which also includes the changeset of #25. Is it probably outdated in the Electron environment for some reason?
from jailed.
I tried it again today and it appears you are correct, I got the newer version (0.3.1) with support for Electron. There must've been a window between updates that allowed me to pull the older variant without this support. Sorry for the noise.
On the subject of a potential feature request . . . is there a way to augment the exposed APIs that can be called? I can see where it's specified in the code but wondered if there was a way to modify this once the module is loaded (short of forking the project and making the modifications myself). As I mentioned, I'm using jailed to execute scripts generated by a custom Blockly implementation. Since I control the code generation process there are a few areas where I'd like to open up the sandbox by exposing additional system APIs. Is this possible currently or does it require direct code modification (e.g. forking the project).
Thanks for sharing you great work!
Glenn
from jailed.
Would it work, if you expose a general method called action(name, params)
, where name is a custom string describing an action to perform? Later on you can extend supported action names on the fly in the handler method.
from jailed.
I'm not sure if I follow you. Are you suggesting adding something like:
application.remote.action(name, params)
to the jailed code so that the actual execution is proxied back to the host (parent) process? I've already done something like this but it requires a call back to the host process for execution. There are some Node.js APIs I'd like to call from the jailed (sub)-process in addition to setInterval/setTimeout etc... I'm not as concerned about creating a true jailed sandbox, but rather a separate thread/process of execution where the Blockly script can execute and I can control (e.g. terminate) it from the host (parent) process. Your jail allows me to do this but (understandably) is very restrictive on the Node.js APIs that can be invoked from the the jail. I was just wondering if there is a better mechanism than modifying the library to open this up?
from jailed.
Method exporting is designed for invoking functions on the opposite site, so all you can do is export something additional (or very general, like the suggested action()
method).
Currently there is no opportunity to "unlock" the sandbox and make it less restricted, and you are using Jailed not in the way it was designed for :-) This might be an insteresting feature for the future which is not there yet.
I would suggest to manually reuse the child_process module and controll the subprocess. Jailed is too overdesigned solution for that.
from jailed.
Thanks for the info. I realize I could have absolute control with the child_process module but your module does offer some very useful sugar-coating around these (more primitive) features. At the moment I can work within the jailed constraints. If they become an impediment to future development, I can always fork your project and make the necessary modifications to fit my use-case. That's for sharing this . . . it's provided a nice foundation on which to build.
from jailed.
Related Issues (20)
- unable to find application object
- Dom manipulation in jailed HOT 1
- Write code without application.remote HOT 2
- Just tried the base example - Getting permission issue HOT 5
- Why is the Web Worker inside an iframe? HOT 4
- Exposing values from the app to the jailed worker. HOT 1
- Best way to pass large data set into jailed script (browser)?
- Cannot read property 'whenEmitted' of undefined
- Add setting for "fallback to iframe jailing only" functionality, and timeout value
- Improve Jail Isolation via Content-Security-Policy HOT 1
- CVE-2022-23923 HOT 2
- Pass values to jailed code HOT 2
- Passing interface with sub functions not working
- Sandbox Escape Bug in jailed with Node.js
- Sandbox Escape Bug in jailed with Node.js
- Sandbox Escape in jailed with Node.js
- Sandbox Escape Bug in jailed with Node.js
- Sandbox Escape Bug in jailed with Node.js
- Sandbox Escape Bug in jailed with Node.js
- Sandbox Escape Bug in jailed with Node.js
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from jailed.